China's GDPR Is Coming: Are You Ready? 'Exploring The Upcoming China's Draft Personal Information Protection Law Topic Thirteen ' Enforcement Authorities

• Published date: 02 August 2021
• Subject Matter: Privacy, Technology, Data Protection, Security, New Technology
• Law Firm: Dentons
• Author: Mr Jet Deng

On April 29, 2021, China released the second draft of Personal Information Protection Law (hereinafter the "PIPL" or "Draft") for public comments, which replaced the first draft issued in October 2020. The PIPL is regarded as the "Chinese GDPR" and widely believed to have significant influence on the development of many industries especially the digital business. To help multinational corporations better understand the PIPL and be well prepared for the coming new era of data protection in China, we will prepare 15 thematic articles on various topics to guide the compliance under the PIPL from a practical perspective.

China does not have an independent data protection authority ("DPA") like the European countries. Instead, several departments like the Cyberspace Administration of China ("CAC"), the Ministry of Public Security ("MPS"), the State Administration for Market Regulation ("SAMR"), sectoral authorities and their local counterparts, have certain law enforcement power over personal information protection-related issues. It seems that the Draft does not change such status quo, but further clarifies the responsibilities and enforcement measures of authorities while maintaining the existing regulatory system.

1. Departments Performing Personal Information Protection Duties

Article 59 of the Draft puts forward the concept of "departments performing personal information protection duties", among which, the State cybersecurity and informatization department is responsible for comprehensive planning and coordination of personal information protection work and related supervision and management work; relevant departments of the State Council are responsible for personal information protection, supervision, and management work within their respective scope of duties and responsibilities; and relevant departments of county-level and higher local governments perform personal information protection duties according to related regulations.

Specifically, State cybersecurity and informatization department generally refers to the CAC. Relevant departments of the State Council include the MPS, the SAMR, the Ministry of Industry and Information Technology ("MIIT") and other sectoral authorities like the People's Bank of China, the Ministry of Science and Technology ("MST") and the Nation Health Commission. Relevant departments of county-level and higher local governments mainly refer to the local counterparts of the departments of the State Council mentioned above...